
AS400 User Repository Integration

Problem:

-          Integrate PortalGuard with AS400 server repository.

Solution A:

-          Adding a new user repository and changing repository type.

Steps for Solution A:

-          Navigate to your PortalGuard Server

-          Open the PortalGuard Configuration Editor

-          On the bottom, select the ‘User Repositories’ tab and click the ‘Create’ button

-          In the new window, fill out the name, description, and display name fields as you wish

  • These fields only apply to the PortalGuard Configuration Editor and are used for reference

-          In the ‘Repository Type’ drop-down, select ‘IBM System i (AS400)’

-          Fill out the configuration tab with the server you wish to connect to, and the username and password of the PortalGuard service account

  • IMPORTANT: Remember, the service account must be an iSeries account with the *SECADM privilege
  • IMPORTANT – 2: If you have multiple user repositories configured in PortalGuard, you MUST set up a resolution on all but one policy by navigating to the ‘Resolution’ tab
    • In this example, I am using ‘AS400\’ as a prefix that must be entered before the username to direct PortalGuard to this repository for user lookup.  I have configured AD as the default, though you may switch that around as you see fit.

-          Save the config

-          Apply and Sync those changes

Additionally, you mentioned that you wish to enable the mobile app functionality. There are two different mobile apps that PortalGuard supports: the Google Authenticator and the PortalGuard Password Reset Application.  Both apps provide OTP functionality, but only the PortalGuard Password Reset Application enables you to perform a password reset directly from the application. 

The Basic Pre-requisites for enabling the Mobile Authenticator:

-          Open the PortalGuard Configuration Editor

-          Click the ‘Edit Bootstrap’ button in the middle

-          Navigate to the ‘Policies’ tab

-          Click the ‘Generate CA’ button on the bottom half of the screen under the ‘PortalGuard Certificate Authority’ tab

-          This generates a CA for the mobile app integration.  Once completed, you may click ‘Save’

-          Then, navigate to the ‘Security Policies’ tab of the PortalGuard Configuration Editor and edit the policy within which you want to enable the Mobile App

-          Click on the ‘Authentication Methods’ tab and then navigate to the ‘Mobile App’ sub-tab

-          Ensure that ‘Allow Mobile Authenticator Generated OTPs’ is checked, update the ‘Description Template’ and set the ‘Enrollment During Login’ to either ‘Optional’ or ‘Required’

-          Navigate to the ‘Actions’ tab at the top, and then choose the tab appropriate for where you want to allow Mobile App OTPs (for example, to allow mobile app OTPs during Password reset, you would select the ‘PW Reset’ sub-tab here)

-          Under ‘Accepted OTP Methods’ ensure the ‘Mobile Authenticator’ is checked.

-          Save the file.

-          Apply and Sync the changes.

If you wish to also use the PortalGuard Password Reset Application for its password reset functionality, you’ll want to take a look at the PortalGuard Admin Guide (Located HERE), beginning at the bottom of page 70. This section – PortalGuard Password Reset – Mobile App – covers the additional pre-requisites for utilizing the PortalGuard Password Reset Application alongside your PortalGuard implementation.

  • 22-Mar-2018